PT-2023-19403 · Pypi+1 · Request+1

Di1L0O

Publicado

2023-02-22

Atualizado

2025-03-13

CVE-2023-24107

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions hour of code python 2015 version 520929797b9ca43bb818b2e8f963fb2025459fa3

Description The issue allows attackers to access sensitive user information and execute arbitrary code via a code execution backdoor in the request package, as specified in requirements.txt.

Recommendations For hour of code python 2015 version 520929797b9ca43bb818b2e8f963fb2025459fa3, consider removing or updating the request package in requirements.txt to prevent code execution backdoors. As a temporary workaround, restrict access to sensitive user information until a patch is available.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2023-24107

Produtos afetados

Hour Of Code Python 2015

Request

PT-2023-19403 · Pypi+1 · Request+1

CVE-2023-24107

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8